Il 06/09/2012 18:11, Paul Eggert ha scritto: >> > I consider "shuf foo -o foo" (on a read-write file) to be insecure. >> > Besides, it works by chance > It's not by chance. shuf is designed to let you > shuffle a file in-place, and is documented to work, > by analogy with "sort -o foo foo". If we ever > change "shuf" to use mmap, we'll make > sure it continues to work in-place.
Yeah, I read that from Padraig. I stand corrected. > I'm not sure what is meant by "insecure" here. > Of course there are race conditions if other > processes modify a file when "shuf" > reads or writes it, but that's true for pretty > much any program that reads or writes any file, > including sed -i. No, unlink/rename "sed -i" replaces the file atomically. A program that reads the target file will never be able to observe an intermediate result. This is not true of "shuf -o foo foo". (In addition, the temporary file for "sed -i" is opened with 0400 permissions for the user running sed, and will not have the same owner/group/ACL/context as the target file until just before renaming to the destination). It's mostly paranoia, but the race window _is_ there unless you use rename and break hard links. Paolo
